Vulnerability Details : CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Vulnerability category: Input validation
Threat overview for CVE-2014-2653
Top countries where our scanners detected CVE-2014-2653
Top open port discovered on systems with this issue
22
IPs affected by CVE-2014-2653 386,636
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-2653!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-2653
Probability of exploitation activity in the next 30 days: 0.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2653
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2014-2653
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2653
-
http://www.mandriva.com/security/advisories?name=MDVSA-2014:068
mandriva.com
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:095
mandriva.com
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
#742513 - If server offers certificate, doesn't fall back to checking SSHFP records (CVE-2014-2653) - Debian Bug report logsExploit
- http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
-
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Oracle Solaris Third Party Bulletin - October 2015
-
http://rhn.redhat.com/errata/RHSA-2014-1552.html
RHSA-2014:1552 - Security Advisory - Red Hat Customer Portal
-
http://advisories.mageia.org/MGASA-2014-0166.html
Mageia Advisory: MGASA-2014-0166 - Updated openssh packages fix CVE-2014-2653
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
[SECURITY] Fedora 19 Update: openssh-6.2p2-8.fc19
-
http://rhn.redhat.com/errata/RHSA-2015-0425.html
RHSA-2015:0425 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2164-1
USN-2164-1: OpenSSH vulnerability | Ubuntu security notices
-
http://openwall.com/lists/oss-security/2014/03/26/7
oss-security - CVE request: openssh client does not check SSHFP if server offers certificate
-
http://marc.info/?l=bugtraq&m=141576985122836&w=2
'[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of S' - MARC
-
http://secunia.com/advisories/59855
Sign in
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
[SECURITY] Fedora 20 Update: openssh-6.4p1-4.fc20
-
http://www.debian.org/security/2014/dsa-2894
Debian -- Security Information -- DSA-2894-1 openssh
-
http://www.securityfocus.com/bid/66459
OpenSSH Certificate Validation Security Bypass Vulnerability
Products affected by CVE-2014-2653
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*